CVE-2020-7378 PoC — Crixp Opencrx 授权问题漏洞

Source

Associated Vulnerability

Description

Exploits Password Reset Vulnerability in OpenCRX, CVE-2020-7378. Also maintains Stealth by deleting all the password reset mails created by the script

Readme

# openCRX-CVE-2020-7378 (Unauthenticated Account Take Over)
Exploits Password Reset Vulnerability in OpenCRX, CVE-2020-7378.

## A Stealthy Python Implentation for CVE-2020-7378

### Exploit is because, the developers used Random Class from java.util.Random to generate random tokens in order to reset a users password
### Instead they should be using the SecureRandom Class from java.security.SecureRandom to generate random tokens

#### Tested on v4.2.0, but should also work for other versions reported in the disclosure report of CVE-2020-7378
# Usage
`./openCRXreset.py -u <URL> -user <USERNAME> -pass <PASSWORD>`

  ![](https://github.com/ruthvikvegunta/openCRX-CVE-2020-7378/blob/main/images/help.png)

# Features
- Uses python rich library to display a robust output

  ![](https://github.com/ruthvikvegunta/openCRX-CVE-2020-7378/blob/main/images/inital-run.png)

- Deletes all the temporarily created files locally as part of the script

- Deletes **only the password reset mails** generated by the script in order to maintain stealth 

  ![](https://github.com/ruthvikvegunta/openCRX-CVE-2020-7378/blob/main/images/final.png)

File Snapshot

 [4.0K]  /data/pocs/71ff4839afe2634e3483bc987440fdf61f5661d3
├── [4.0K]  images
│   ├── [206K]  final.png
│   ├── [ 89K]  help.png
│   └── [126K]  inital-run.png
├── [1.0K]  LICENSE
├── [8.9K]  openCRXreset.py
├── [ 796]  openCRXtimeGen.java
└── [1.1K]  README.md

1 directory, 7 files

Remarks